fixed sops age keyFile getting sent to instal target

2024-09-15 19:49:30 -05:00 · 2024-09-15 19:49:30 -05:00 · 16bb44f5e8
commit 16bb44f5e8
parent e65143b835
3 changed files with 60 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -21,7 +21,7 @@ keys for decrypting password secrets for each users located at `/var/lib/sops-ni

 updating passwords: `sops secrets/secrets.yaml`

-`nix run github:nix-community/nixos-anywhere/69ad3f4a50cfb711048f54013404762c9a8e201e -- --flake '.#hostname' nixos@192.168.1.130 --extra-files ~/.config/sops/age/`
+`./install.sh --target 192.168.1.130 --flake hostname`

 > how the current config was set up https://www.youtube.com/watch?v=G5f6GC7SnhU

--- a/enviroments/common/default.nix
+++ b/enviroments/common/default.nix
@ -31,13 +31,17 @@
  sops = {
    defaultSopsFile = ../../secrets/secrets.yaml;
    defaultSopsFormat = "yaml";
+    gnupg.sshKeyPaths = [];

    age ={
      keyFile = "/var/lib/sops-nix/key.txt";
-      # sshKeyPaths = ["${config.home.homeDirectory}/.ssh/nix-ed25519"];
+      sshKeyPaths = [];
      # generateKey = true;
    };
  };
+  environment.sessionVariables = {
+    AGE_KEY_FILE_LOCATION = "/var/lib/sops-nix/";
+  };

  # List packages installed in system profile.
  environment.systemPackages = with pkgs; [
--- a/install.sh
+++ b/install.sh
@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+while [ $# -gt 0 ]; do
+  case "$1" in
+    --target*|-t*)
+      if [[ "$1" != *=* ]]; then shift; fi # Value is next arg if no `=`
+      target="${1#*=}"
+      ;;
+    --flake*|-f*)
+      if [[ "$1" != *=* ]]; then shift; fi
+      flake="${1#*=}"
+      ;;
+    --user*|-u*)
+      if [[ "$1" != *=* ]]; then shift; fi
+      user="${1#*=}"
+      ;;
+    --help|-h)
+      echo "--help -h: print this message"
+      echo "--target -t: set the target system to install on"
+      echo "--flake -f: set the flake to install on the target system"
+      echo "--user -u: set the user to install flake as on the target system"
+      exit 0
+      ;;
+    *)
+      echo "Error: Invalid argument $1"
+      exit 1
+      ;;
+  esac
+  shift
+done
+
+if [ -z ${target} ]; then
+	echo "target is blank";
+	exit 1;
+fi
+
+if [ -z ${flake} ]; then
+	echo "flake is blank";
+	exit 1;
+fi
+
+temp=$(mktemp -d)
+# Function to cleanup temporary directory on exit
+cleanup() {
+  rm -rf "$temp"
+}
+trap cleanup EXIT
+
+# copy key file to temp folder to copy over to target
+mkdir -p $temp$AGE_KEY_FILE_LOCATION
+cp -r $AGE_KEY_FILE_LOCATION/* $temp$AGE_KEY_FILE_LOCATION
+
+# commit number in this is because the main branch of nixos-anywhere is broken right now
+nix run github:nix-community/nixos-anywhere/b3b6bfebba35d55fba485ceda588984dec74c54f -- --extra-files $temp --flake ".#$flake" ${user:-nixos}@$target